Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Atlassian Jira CVE-2019-8442 Vulnerability (CVE-2019-8442)

Description

The CachingResourceDownloadRewriteRule class in Jira before version 7.13.4, and from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to access files in the Jira webroot under the META-INF directory via a lax path access check.

Remediation

References

Related Vulnerabilities

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27973)

Internet Information Services Other Vulnerability (CVE-2002-0071)

WordPress Plugin Correos Woocommerce Arbitrary File Download (1.3.0.0)

Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-15588)

Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717)

Severity

High

Classification

CVE-2019-8442

Tags

Missing Update Known Vulnerabilities